diff --git a/app/controllers/admin/bulk_line_items_controller.rb b/app/controllers/admin/bulk_line_items_controller.rb
index 86a2f539e2..dba7bd9bef 100644
--- a/app/controllers/admin/bulk_line_items_controller.rb
+++ b/app/controllers/admin/bulk_line_items_controller.rb
@@ -29,7 +29,7 @@ module Admin
       # See https://github.com/rails/rails/blob/3-2-stable/activerecord/lib/active_record/locking/pessimistic.rb#L69
       # and https://www.postgresql.org/docs/current/static/sql-select.html#SQL-FOR-UPDATE-SHARE
       order.with_lock do
-        if @line_item.update_attributes(params[:line_item])
+        if @line_item.update_attributes(line_item_params)
           order.update_distribution_charge!
           render nothing: true, status: :no_content # No Content, does not trigger ng resource auto-update
         else
@@ -73,5 +73,9 @@ module Admin
     def order
       @line_item.order
     end
+
+    def line_item_params
+      params.require(:line_item).permit(:price, :quantity, :final_weight_volume)
+    end
   end
 end